Botnet Victims Map


 
# 1  
Old 03-19-2014
Botnet Victims Map

Our site is currently "under abuse" from a botnet which is directing a small subset of internet users (not forum users) to a rarely used full page advertising URL and attempting to redirect the user, via that URL, to other web sites. This is a kind of "spam" botnet, using a URL redirection method. This does not affect our regular forum members (except that it does increase the server load average).

Prior to discovery, most of these redirection URLs would result in a blank page (no ad) to the "outside user" because we are not using that ad campaign at the moment. However, after discovery of this botnet, we simply redirected the botnet "victims" to our Facebook page (to move them off the server, decrease server load, and extract some statistics about each botnet node).

Today, I wrote a small program to collect the IP addresses of each node of the botnet and perform some analysis by unique IP and country, etc. After this code runs for a while I will update this thread with these ongoing stats:
  • total ips 3321
  • unique ips 820
  • unique countries 59

When the stats above stabilize a bit (unique IPs do not change often and countries are also "stable"), I will extract the longitude and latitude information for each IP from our geoip database and use the Google Map Engine to display the botnet on a global map.

Stay tuned for the pretty picture of this botnet.

At the end of this posting time:
  • total ips 3780
  • unique ips 862
  • unique countries 60
These 9 Users Gave Thanks to Neo For This Post:
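The tally described in post #1 (total hits, unique IPs, unique countries for requests to the abused ad URL), as an added example that is not the poster's program. The ad path, the sample log lines and the small network-to-country table standing in for a GeoIP database are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical path of the abused full-page ad URL (the thread does not name it).
AD_PATH = "/ad/fullpage.php"

# Constructed stand-in for a GeoIP database: documentation networks, made-up codes.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("203.0.113.0/24"), "CC"),
    (ipaddress.ip_network("2001:db8::/32"), "AA"),
]

# Constructed access-log lines in combined log format.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Mar/2014:10:00:01 +0000] "GET /ad/fullpage.php?c=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Mar/2014:10:00:05 +0000] "GET /ad/fullpage.php?c=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Mar/2014:10:00:09 +0000] "GET /ad/fullpage.php?c=9 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.44 - - [19/Mar/2014:10:00:12 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
2001:db8::beef - - [19/Mar/2014:10:00:15 +0000] "GET /ad/fullpage.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
not-an-ip - - [19/Mar/2014:10:00:20 +0000] "GET /ad/fullpage.php HTTP/1.1" 302 0 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)')

def country_of(ip):
    """Return the country code of the first matching network, or '??'."""
    for net, cc in GEO_TABLE:
        if ip.version == net.version and ip in net:
            return cc
    return "??"

def botnet_stats(log_text, ad_path=AD_PATH):
    """Count hits on the ad URL per client IP, then summarise."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2).split("?", 1)[0] != ad_path:
            continue  # unparseable line, or a request for some other URL
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # client field is not a valid IP address; skip it
    countries = {country_of(ip) for ip in hits}
    return {"total ips": sum(hits.values()), "unique ips": len(hits),
            "unique countries": len(countries)}

if __name__ == "__main__":
    print(botnet_stats(SAMPLE_LOG))
```

Parsing each address with `ipaddress` rather than counting raw strings means different textual spellings of the same IPv6 address collapse into one node, and malformed client fields never inflate the unique count.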
# 2  
Old 03-19-2014
Neo, you are awesome.

Thanks,
R. Singh
# 3  
Old 03-19-2014
Quote:
Originally Posted by RavinderSingh13
Neo, you are awesome.

Thanks,
R. Singh
I know (Joking)

Thanks for the kind words; it's always nice to hear them.
  • total ips 4111
  • unique ips 903
  • unique countries 62
# 4  
Old 03-19-2014
Update on Botnet stats from around two hours ago:
  • total ips 9938
  • unique ips 1415
  • unique countries 76
# 5  
Old 03-20-2014
And the botnet keeps getting (tracking) bigger, now over 3760 nodes spanning 99 countries and still growing (in our logs):
  • total ips 68725
  • unique ips 3761
  • unique countries 99
# 6  
Old 03-20-2014
Here are the first 2750 nodes of this botnet plotted with Google Maps Engine. You can click on the image to go directly to the map:

Image
# 7  
Old 03-20-2014
OK, updated our GeoIP database and changed mapping code to plot 4214 botnet nodes:


Image
This User Gave Thanks to Neo For This Post: